EU-US Privacy Shield Audit and Assessments; we are ready when you are!

Expand your business into EU-US markets while minimizing performance and operational risks with our industry-leading, innovative, and cost-effective EU-US Privacy Shield certification services. Lazarus Alliance provides EU-US Privacy Shield certification advisory and assessment services for public, private, and community organizations quickly, sustainably, and affordably.
The decision by a U.S.-based organization to join the Privacy Shield program is entirely voluntary. However, once an eligible organization publicly commits to comply with the Privacy Shield Principles, that commitment is enforceable under U.S. law by the relevant enforcement authority, either the U.S. Federal Trade Commission (FTC) or the U.S. Department of Transportation (DOT).
To be assured of Privacy Shield benefits, an organization must re-certify annually and report to the Department of Commerce that it agrees to adhere to the Privacy Shield Principles, a detailed set of requirements based on privacy principles such as notice, choice, access, and accountability for onward transfer. Lazarus Alliance will lead your organization successfully to certification and help maintain annual re-certification using ITAM (our proprietary SaaS platform).

EU-U.S. Privacy Shield Program Overview

The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
While joining the Privacy Shield Framework is voluntary, once an eligible organization makes the public commitment to comply with the Framework’s requirements, the commitment will become enforceable under U.S. law. All organizations interested in joining the Privacy Shield Framework should contact Lazarus Alliance for a review of its requirements in their entirety. This will help you determine if adhering to the Privacy Shield is right for your organization.

Is Your Organization Eligible to Participate in the Privacy Shield?

Any U.S. organization that is subject to the jurisdiction of the Federal Trade Commission (FTC) or the Department of Transportation (DOT) may participate in the Privacy Shield. The FTC and DOT have both committed that they will enforce the Privacy Shield Framework.
Generally, the FTC's jurisdiction covers acts or practices in or affecting commerce by any "person, partnership, or corporation." The FTC does not have jurisdiction over most depository institutions (banks, federal credit unions, and savings & loan institutions), telecommunications and interstate transportation common carrier activities, air carriers, labor associations, most non-profit organizations, and most packer and stockyard activities. In addition, the FTC's jurisdiction with regard to insurance activities is limited to certain circumstances. Note that to be transferred in reliance on the Privacy Shield, personal data must be processed in connection with an activity that is subject to the jurisdiction of at least one appropriate statutory body we will help identify. The DOT has exclusive jurisdiction over U.S. and foreign air carriers. The DOT and the FTC share jurisdiction over ticket agents that market air transportation. If you are uncertain as to whether your organization falls under the jurisdiction of either the FTC or DOT, then please be sure to contact the Privacy Shield Team at Lazarus Alliance for more information.

Is Your Privacy Policy Statement Privacy Shield-Compliant?

Your organization must have a Privacy Shield-compliant privacy policy before the Department of Commerce will grant your certification. Lazarus Alliance has policy development down to a science and we will get it done right the first time.
In order to be compliant with the Privacy Shield Framework, your privacy policy must conform to the Privacy Shield Principles. Among other things, the privacy policy should reflect your organization's information handling practices and the choices your organization offers individuals with respect to the use and disclosure of their personal information. Lazarus Alliance will help ensure your policy meets the rigor of the Privacy Shield Framework so you are assured of certification success.
You must make specific reference in the privacy policy to your organization's Privacy Shield compliance. The Framework requires each certified organization to state in its relevant published privacy policy that it adheres to the Privacy Shield Principles. We will cover everything required with your organization quickly and cost-effectively.
You must identify in the privacy policy your organization's independent recourse mechanism. If your organization's privacy policy is available online, it must include access to your independent recourse mechanism that is available to investigate unresolved complaints regarding your organization's compliance with the Privacy Shield, or to the independent recourse mechanism's complaint submission form. Lazarus Alliance will guide you through all these requirements and offer solutions in the event your organization lacks this key element.
You must provide an accurate location for your organization's privacy policy and ensure that it is publicly available. During the certification process, your organization must provide accurate information about the location of its applicable privacy policy or policies. If your organization is covering HR and non-HR data, it must indicate the location of the applicable policy or policies for each type of data covered under your organization’s certification. If your organization has a public website, it must provide the web address where the privacy policy is available; if your organization does not have a public website, it must provide an address where the privacy policy is available for viewing by the public. In addition, your organization should verify that its privacy policy is effective prior to successful certification. Lazarus Alliance will verify everything along the path to certification and help you sustain your certification year-over-year so re-certification is quick and painless.

Schedule some time with our Cybervisors!

Leveraging the Continuum GRC IT Audit Machine, Security Trifecta methodology and the Policy Machine, Lazarus Alliance provides international standards that are recognized as “Best Practices” for developing organizational security standards and controls that support EU-US Privacy Shield certifications.

We want to be your partner and Privacy Shield compliance audit assessor of choice! For additional information please contact us using the form to the right or calling 1-888-896-7580.